Continuous Hacking

We detect and report all vulnerabilities
and security issues during the entire software development cycle.
Our participation during the entire development period
allows us to detect security issues continuously as the software evolves.
There’s no need to have a working environment
to start hacking since we are able to analyze source code
published on a project’s Git repository.
The rigorous inspection carried out by our team
allows us to detect all security issues
with no false positives and to check if issues were properly repaired
before the system goes into the production phase.

Hacking techniques

Integral continuous hacking
is achieved through application and infrastructure ethical hacking,
as well as source code analysis.
We require access to both the Git repository and the integration environment
in order to perform integral continuous hacking.

In limited continuous ethical hacking,
you can choose between application ethical hacking
or source code analysis.
Access to the Git repository or the integration environment
is required to perform limited continuous hacking.

Healthcheck

When a new continuous ethical hacking subscription starts,
if there were any previous issues,
it is necessary to perform a healthcheck.
This means that, in addition to the monthly test limit,
we will attack all versions of the existing code
up to the subscription start point
in order to catch up with the development team
within the first 3 subscription months.
After that, we’ll continue hacking in parallel with development
(the healthcheck will have additional fees).

Severity and Hacking Environments

You are able to decide which security requirements will be tested
on each Ethical Hacking (Profiling) through our
Rules product.
You will know the exact severity for each hacking
(for inspected and non-inspected profiled requirements).
Basic service allows customers to choose a single environment
from production, testing or integration.
Customers can also add additional testing environments
for validation at an additional charge.

Duration of Service and Attack Cycles

The minimum subscription time for continuous ethical hacking is one year.
The selected system will be attacked multiple times
to test all versions generated during the development phase.

Integrates

Integrates is our platform for communication,
follow-up and reporting on your project.
You can use Integrates
to access general information about each finding,
check its remediation status,
classify it according to age,
visualize real-time project statistics and progress,
as well as other functionalities.

You can also use chat and comments for any project or finding question.
Integrates provides a Technical Report,
which contains detailed information on all security vulnerabilities.
It gives technical personnel
a road map for a technical remediation plan.
You can also find an Executive Report for use by all of the project’s stakeholders.
It includes an in-depth findings analysis
and a projected business impact statement,
as well as a summary of the project scope,
methodology used, conclusions and recommendations.

Remediation

Multiple finding validation cycles
are performed during the subscription period
to ensure findings have been properly repaired.
We can check if any finding has been successfully closed
as many times as a customer wants us to.
In order to perform this remediation validation,
a customer must first define the treatment
used to remediate the vulnerability
and then request, through Integrates,
a finding validation.
You can request clarification on any issue
by directly contacting our hackers through our platform Integrates.

Reproduce mock attacks

We can reproduce mock attacks with Asserts,
an automated closing engine which closes security findings
over execution environments (DAST and SAST).
Asserts breaks the build if it finds that a vulnerability is open,
either because it was reopened or because it has not been closed.

Critical information extraction

Information gets deleted securely

7 days after a customer approves their final report,
all information gathered during Ethical Hacking
is deleted securely from all of our systems.

Highly trained hacking team

Our hackers have practical certifications and academic backgrounds
related to security testing.
They perform manual testing and use tools
to guarantee that our reporting includes insecure programming practices,
standard alignment and security regulation compliance,
and findings with specific business impacts.
This enables us to detect Zero Day findings
with no false positive reports.

To check on differences between our services
and other providers, take a look at our differentiators
here.

To check on differences between our One-shot hacking
and Continuous hacking, take a look at our comparative
here.
